Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ESGpjM8oQ5gdBbbo5giCngIsfkg.roa
File: ESGpjM8oQ5gdBbbo5giCngIsfkg.roa (raw, json)
Hash identifier: S2ltRg7Cepf/AU+YNIX9PYCdyHPpkkxAvoGBcEtCYbU=
Subject key identifier: 11:21:A9:8C:CF:28:43:98:1D:05:B6:E8:E6:08:82:9E:02:2C:7E:48
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187755A5C939D7FBDFC387309A6AEB29A6B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ESGpjM8oQ5gdBbbo5giCngIsfkg.roa
Signing time: Wed 12 Apr 2023 12:04:28 +0000
ROA not before: Wed 12 Apr 2023 12:04:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204843
IP address blocks: 94.156.11.0/24 maxlen: 24
45.81.241.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
193.149.2.0/24 maxlen: 24
193.149.3.0/24 maxlen: 24
37.221.121.0/24 maxlen: 24
37.221.122.0/24 maxlen: 24
37.221.123.0/24 maxlen: 24
37.221.120.0/24 maxlen: 24
185.221.64.0/24 maxlen: 24
45.144.153.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:75:5a:5c:93:9d:7f:bd:fc:38:73:09:a6:ae:b2:9a:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 12 12:04:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1121a98ccf2843981d05b6e8e608829e022c7e48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:5b:0e:49:88:50:d1:da:b7:9c:b5:67:c6:e8:
2f:7e:de:13:96:fe:c2:b1:26:2f:59:19:78:74:98:
01:03:15:95:12:2a:6b:b1:17:34:09:a0:02:2a:bf:
fe:74:25:f5:71:8f:a0:1b:fc:67:da:b9:72:7f:55:
33:9c:e9:b3:a1:40:6d:ec:ea:16:ca:91:8f:7e:9c:
ec:a2:36:3c:ea:71:7d:74:4a:d4:f0:ef:73:cb:5c:
39:07:a2:1b:a1:e4:b3:e2:d1:a8:c1:cf:6e:76:a4:
f5:d1:47:ad:13:05:46:05:2f:0c:4f:e7:6f:24:30:
83:a6:26:a9:ce:e0:43:75:91:52:30:84:93:87:46:
9f:9a:db:e7:2b:c0:dd:f3:1b:e0:4a:0a:38:d4:ce:
0d:e6:d1:c9:7a:f4:df:1b:61:83:f6:54:3d:7a:2c:
f6:79:4d:cd:12:96:a4:b5:f2:fe:a2:b7:2e:4f:b0:
93:0f:2b:42:f0:60:26:36:0e:f2:52:55:41:71:ec:
77:bf:3e:f3:57:4c:3e:de:c8:57:2f:f8:57:cf:7f:
f5:33:78:4f:c1:fa:2a:a3:e5:92:ec:2c:50:60:c8:
a2:94:56:0b:ab:2d:7a:07:e7:2e:8e:d6:7e:de:82:
22:a0:c0:9a:d8:78:a1:46:95:a9:9d:03:59:a0:e3:
83:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:21:A9:8C:CF:28:43:98:1D:05:B6:E8:E6:08:82:9E:02:2C:7E:48
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ESGpjM8oQ5gdBbbo5giCngIsfkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.120.0/22
45.81.241.0/24
45.144.153.0/24
94.156.11.0/24
141.98.1.0/24
185.221.64.0/24
193.149.2.0/23
Signature Algorithm: sha256WithRSAEncryption
13:d8:2a:42:47:d5:45:0a:9a:19:7a:5e:71:e3:12:2c:1b:7b:
c0:98:75:dd:b2:3b:29:43:29:7a:2b:fb:2e:80:e0:2f:9a:f8:
4b:88:89:24:55:25:4f:d7:1c:5c:f4:c9:25:3a:83:6c:bf:64:
3e:a6:3a:e4:70:b9:ad:04:30:ae:ea:d3:d3:c2:50:d0:3a:0c:
94:f9:70:e0:cd:0a:4d:da:a2:d2:7c:1e:e1:01:70:a4:6f:07:
3e:81:5b:3d:8a:d4:ee:c5:83:c8:8b:5f:a2:68:b1:2f:ca:65:
38:df:1d:d5:ec:6c:a9:c2:16:21:3c:6a:cb:75:ab:af:a8:dc:
d8:10:61:e4:ff:6d:e5:91:f7:fc:a3:2a:64:45:2b:52:58:8e:
43:57:b8:75:d2:5f:ed:13:a9:55:f6:a4:72:65:5f:96:15:e5:
fc:9d:86:36:0c:ae:6b:7c:e5:9c:c8:fc:8f:e0:75:bd:6e:14:
4d:49:e4:24:da:33:6e:35:1e:7d:52:12:71:df:14:3a:02:ee:
64:de:79:b1:d1:1a:98:16:eb:58:b7:06:7b:7a:83:9a:e0:8e:
d2:71:07:d0:4a:2e:7d:7e:a5:6a:38:6a:58:19:06:bb:d1:8d:
e3:58:86:e3:28:81:38:81:37:bb:76:c4:88:57:6a:39:6c:7d:
7a:e6:ee:45
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYd1WlyTnX+9/DhzCaauspprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEyMTIwNDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTIxYTk4Y2NmMjg0Mzk4MWQwNWI2ZThlNjA4ODI5ZTAyMmM3ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1sOSYhQ0dq3nLVnxugvft4Tlv7C
sSYvWRl4dJgBAxWVEiprsRc0CaACKr/+dCX1cY+gG/xn2rlyf1UznOmzoUBt7OoW
ypGPfpzsojY86nF9dErU8O9zy1w5B6IboeSz4tGowc9udqT10UetEwVGBS8MT+dv
JDCDpiapzuBDdZFSMISTh0afmtvnK8Dd8xvgSgo41M4N5tHJevTfG2GD9lQ9eiz2
eU3NEpaktfL+orcuT7CTDytC8GAmNg7yUlVBcex3vz7zV0w+3shXL/hXz3/1M3hP
wfoqo+WS7CxQYMiilFYLqy16B+cujtZ+3oIioMCa2HihRpWpnQNZoOOD0wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBEhqYzPKEOYHQW26OYIgp4CLH5IMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRVNHcGpNOG9RNWdkQmJibzVnaUNuZ0lzZmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCJd14AwQA
LVHxAwQALZCZAwQAXpwLAwQAjWIBAwQAud1AAwQBwZUCMA0GCSqGSIb3DQEBCwUA
A4IBAQAT2CpCR9VFCpoZel5x4xIsG3vAmHXdsjspQyl6K/sugOAvmvhLiIkkVSVP
1xxc9MklOoNsv2Q+pjrkcLmtBDCu6tPTwlDQOgyU+XDgzQpN2qLSfB7hAXCkbwc+
gVs9itTuxYPIi1+iaLEvymU43x3V7GypwhYhPGrLdauvqNzYEGHk/23lkff8oypk
RStSWI5DV7h10l/tE6lV9qRyZV+WFeX8nYY2DK5rfOWcyPyP4HW9bhRNSeQk2jNu
NR59UhJx3xQ6Au5k3nmx0RqYFutYtwZ7eoOa4I7ScQfQSi59fqVqOGpYGQa70Y3j
WIbjKIE4gTe7dsSIV2o5bH165u5F
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:34 2023 by rpki-client on console-ams.rpki-client.org